This content is for educational and authorized security assessment purposes only.
- Do NOT run these tools on networks or systems without explicit written authorization.
- Misuse can result in severe legal consequences.
- You are solely responsible for your actions.
This gist provides two advanced C# tools for simulating high-impact network flood attacks:
- SYN Flood: Floods a target with randomized TCP SYN packets.
- UDP Flood: Floods a target with randomized UDP datagrams.
Both tools feature:
- Randomized source IPs (spoofed packets)
- Randomized source MAC addresses (Ethernet layer spoofing)
- Full custom construction of Ethernet, IP, and TCP/UDP headers.
- Linux-only support, using raw `AF_PACKET` sockets for maximum realism.
```mermaid
flowchart LR
    Attacker["C# Raw Socket Tool"]
    Randomize["Random<br>MAC & IP"]
    Target["Target Server/Switch"]
    Attacker -- "Ethernet Frame (random MAC, random IP)" --> Randomize
    Randomize -- "Packets" --> Target
```
- Each packet sent has a new, random source MAC and IP address.
- Network appliances are stress-tested at both Layer 2 (MAC) and Layer 3 (IP).
Feature | SYN Flood | UDP Flood |
---|---|---|
Custom Ethernet (MAC) Header | ✅ | ✅ |
Custom IP Header (Random IP) | ✅ | ✅ |
Custom TCP/UDP Header | ✅ (SYN only) | ✅ |
Works on Linux (AF_PACKET) | ✅ | ✅ |
Requires root privileges | ✅ | ✅ |
Windows support | ❌ (Linux only) | ❌ (Linux only) |
Fully open-source | ✅ | ✅ |
- Bypass basic anti-DDoS rules: Simulates a global botnet.
- Test network-level defense devices: Switches, firewalls, and routers.
- Evaluate real-world readiness: Most tools only randomize IP; this stack attacks at both Ethernet and IP layers.
```
sudo mono SynFloodWithRandomMAC.exe eth0 192.168.1.100 80
```
- `eth0`: your network interface
- `192.168.1.100`: target IP address
- `80`: target port (e.g., web server)

```
sudo mono UdpFloodWithRandomMAC.exe eth0 192.168.1.100 53
```
- `53`: target UDP port (e.g., DNS)
- Randomly generates a source MAC for every packet:
  ```csharp
  byte[] srcMAC = RandomMac();
  ```
- Sets broadcast or specific destination MAC:
  ```csharp
  Buffer.BlockCopy(dstMAC, 0, eth, 0, 6);
  Buffer.BlockCopy(srcMAC, 0, eth, 6, 6);
  eth[12] = 0x08; eth[13] = 0x00; // EtherType = IPv4
  ```
- Randomly generates a valid source IP:
  ```csharp
  byte[] srcIP = RandomIP();
  ```
- Sets all header fields (version, length, protocol, etc.), and calculates IP checksum.
- SYN Flood: Sends TCP SYN packets with randomized source port.
- UDP Flood: Sends UDP datagrams with randomized source port.
- Uses Linux `AF_PACKET` raw socket:
  ```csharp
  Socket s = new Socket(AddressFamily.Packet, SocketType.Raw, (ProtocolType)0x0003);
  s.SendTo(pkt, 0, pkt.Length, SocketFlags.None, new SockAddr(addr));
  ```
```
[INFO] Sending SYN flood to 192.168.1.100:80 on eth0
[INFO] Random Source MAC: d2:b1:7f:4a:11:23, Source IP: 7.8.132.22
[INFO] Random Source MAC: 0a:fd:ac:db:22:ff, Source IP: 210.65.2.150
...
```
Q: Can I use this on Windows?
A: No. Windows does not support sending Ethernet frames with custom MACs from user-space C#.
Q: Does it work in a VM?
A: Only if the VM's network is set to "bridged" and the hypervisor allows raw Ethernet frames.
Q: Can I use this for real DDoS?
A: Absolutely not. This is for authorized testing only.
- Always have explicit written permission.
- Test in isolated, controlled lab environments.
- Monitor the target's health and network congestion.
- Use Wireshark/tcpdump to verify spoofed packets.
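
For the monitoring side of such a test, the following is an added example (not part of the gist's tools) that summarizes captured frames per switch port and flags the per-packet source MAC/IP randomization described above. The record layout, port names, thresholds and all sample rows except the two MAC/IP pairs taken from the sample output are assumptions made for illustration.

```python
from collections import Counter, defaultdict

# Constructed capture summary: (seconds, switch_port, src_mac, src_ip).
# The first two Gi0/7 rows reuse the MAC/IP pairs from the sample output
# above; every other value is made up for this example.
FRAMES = [
    (0.10, "Gi0/1", "00:1b:21:3a:4f:10", "192.168.1.23"),
    (0.20, "Gi0/1", "00:1b:21:3a:4f:10", "192.168.1.23"),
    (0.35, "Gi0/1", "00:1b:21:3a:4f:10", "192.168.1.23"),
    (0.60, "Gi0/1", "00:1b:21:3a:4f:10", "192.168.1.23"),
    (0.11, "Gi0/7", "d2:b1:7f:4a:11:23", "7.8.132.22"),
    (0.12, "Gi0/7", "0a:fd:ac:db:22:ff", "210.65.2.150"),
    (0.13, "Gi0/7", "3c:52:82:10:9e:01", "198.51.100.14"),
    (0.14, "Gi0/7", "66:0e:94:c3:5a:7d", "203.0.113.77"),
    (0.15, "Gi0/7", "a4:1f:72:88:03:b6", "192.0.2.9"),
]

def is_locally_administered(mac):
    """True when the U/L bit (0x02 of the first octet) is set, as it is in
    both MACs of the sample output; burned-in vendor addresses normally
    leave it clear."""
    return bool(int(mac.split(":")[0], 16) & 0x02)

def flag_randomized_sources(frames, window=1.0, max_macs=3, min_ratio=0.8):
    """Return {(port, window_index): stats} for windows in which one port
    shows more than max_macs source MACs and at least min_ratio of the
    frames come from a MAC/IP pair that appears only once."""
    buckets = defaultdict(list)
    for ts, port, mac, ip in frames:
        buckets[(port, int(ts // window))].append((mac, ip))
    alerts = {}
    for key, pairs in buckets.items():
        macs = {mac for mac, _ in pairs}
        single_use = sum(1 for n in Counter(pairs).values() if n == 1)
        ratio = single_use / len(pairs)
        if len(macs) > max_macs and ratio >= min_ratio:
            alerts[key] = {
                "frames": len(pairs),
                "distinct_macs": len(macs),
                "single_use_ratio": ratio,
                "locally_administered": sum(map(is_locally_administered, macs)),
            }
    return alerts

if __name__ == "__main__":
    for (port, idx), stats in flag_randomized_sources(FRAMES).items():
        print(port, idx, stats)
```

The `max_macs` threshold plays the same role as a per-port MAC limit on an access switch; tune it to the number of hosts legitimately expected behind each port.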
Feel free to fork and contribute improvements, such as:
- IPv6 support
- Rate limiting
- Enhanced reporting
Developed by πππππππ-ππ for internal security audits and educational purposes.